Why Security Brigade?

Some of the things we do better than most other vendors

Security Brigade was founded with a quality-first mindset. As such, we do things differently than most vendors, and this enables us to deliver
a superior report every time. Some of these key differentiators are given below:

Reports with Detailed Fix Information

Our reports contain minute details about the web-application logic, POCs, etc.

Our security audit reports are different in a number of ways:

  • Fix information with code examples is given for the customer's specific platform and environment. So if the customer has a SQL injection in their PHP + MySQL website, we will give them code examples for how to securely fix this issue with PHP + MySQL.
  • Step-by-step proofs of concept are given for each issue. This enables the customer's team to thoroughly understand and reproduce the issue independently.
  • Reports do not contain generic copy-pasted text. Each report is written specifically with the customer's application and network in mind to ensure maximum relevance to their situation.

Intelligent Automation with Integration of Commercial, Open-Source and Proprietary Tools

Most auditors rely on a single automated tool for every audit. However, networks and applications today are far too complicated for a single tool to do them justice. Our Intelligent Automation Platform works as follows:

  • Our platform automatically profiles the target and understands various key criteria about the network or application (such as whether the website is Ajax or Flash heavy, or whether the network uses Lotus Domino servers or Cisco devices, and so on).
  • Based on the profile that's created, it intelligently shortlists the tools that work best with those platforms, based on internal benchmarks and past experience.
  • An auditor approves the tools and commands, which are then executed by the platform. The results are then correlated, cross-referenced and presented to the auditor as a simplified consolidated view.

Manual Business Logic and Workflow Testing

Most companies refer to "manual testing" as part of their process, but they are only talking about removing false positives. Applications today contain a significant amount of business logic and workflow, and these areas cannot be tested thoroughly through tools.

  • We go through the complete application and map its modules, sub-modules, pages, parameters, data flow, and workflow.
  • Based on this information, we prepare test-cases of all possible abuse scenarios that could take place for each component.
  • These abuse scenarios are tested, reviewed and executed, and based on the results a TRUE or FALSE status is applied to each issue.

This process lets us identify significant critical vulnerabilities that are impossible to find through automated mechanisms.